CVE-2026-30625
- EPSS 0.24%
- Veröffentlicht 15.04.2026 00:00:00
- Zuletzt bearbeitet 17.04.2026 15:09:46
Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command and args values. Although an allowlist exists, certain allowed comman...
CVE-2026-0773
- EPSS 0.95%
- Veröffentlicht 23.01.2026 03:29:05
- Zuletzt bearbeitet 15.04.2026 00:35:42
Upsonic Cloudpickle Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Upsonic. Authentication is not required to exploit this vulne...
- EPSS 0.08%
- Veröffentlicht 19.06.2025 21:00:14
- Zuletzt bearbeitet 08.07.2025 16:36:41
A vulnerability, which was classified as critical, has been found in Upsonic up to 0.55.6. This issue affects the function cloudpickle.loads of the file /tools/add_tool of the component Pickle Handler. The manipulation leads to deserialization. The e...
CVE-2025-6278
- EPSS 0.22%
- Veröffentlicht 19.06.2025 20:31:05
- Zuletzt bearbeitet 08.07.2025 16:38:18
A vulnerability classified as critical was found in Upsonic up to 0.55.6. This vulnerability affects the function os.path.join of the file markdown/server.py. The manipulation of the argument file.filename leads to path traversal. The exploit has bee...